
Re: [Xen-devel] [PATCH v6 17/22] arm/gic: Add a new callback to deny Dom0 access to GIC regions



On Tue, 22 Mar 2016, Julien Grall wrote:
> Hi Shannon,
> 
> On 17/03/16 09:41, Shannon Zhao wrote:
> > From: Shannon Zhao <shannon.zhao@xxxxxxxxxx>
> > 
> > Add a new member in gic_hw_operations which is used to deny Dom0 access
> > to GIC regions.
> > 
> > Signed-off-by: Shannon Zhao <shannon.zhao@xxxxxxxxxx>
> > ---
> > v6: use SZ_64K for GICv3 distributor
> > ---
> >   xen/arch/arm/gic-v2.c     | 31 +++++++++++++++++++++++++++++++
> >   xen/arch/arm/gic-v3.c     | 45
> > +++++++++++++++++++++++++++++++++++++++++++++
> >   xen/arch/arm/gic.c        |  5 +++++
> >   xen/include/asm-arm/gic.h |  3 +++
> >   4 files changed, 84 insertions(+)
> > 
> > diff --git a/xen/arch/arm/gic-v2.c b/xen/arch/arm/gic-v2.c
> > index 02db5f2..186f944 100644
> > --- a/xen/arch/arm/gic-v2.c
> > +++ b/xen/arch/arm/gic-v2.c
> > @@ -22,6 +22,7 @@
> >   #include <xen/init.h>
> >   #include <xen/mm.h>
> >   #include <xen/irq.h>
> > +#include <xen/iocap.h>
> >   #include <xen/sched.h>
> >   #include <xen/errno.h>
> >   #include <xen/softirq.h>
> > @@ -714,6 +715,31 @@ static u32 gicv2_make_hwdom_madt(const struct domain
> > *d, u32 offset)
> >       return table_len;
> >   }
> > 
> > +static int gicv2_iomem_deny_access(const struct domain *d)
> > +{
> > +    int rc;
> > +    unsigned long gfn, nr;
> > +
> > +    gfn = dbase >> PAGE_SHIFT;
> > +    rc = iomem_deny_access(d, gfn, gfn + 1);
> > +    if ( rc )
> > +        return rc;
> > +
> > +    gfn = hbase >> PAGE_SHIFT;
> > +    rc = iomem_deny_access(d, gfn, gfn + 1);
> > +    if ( rc )
> > +        return rc;
> > +
> > +    gfn = cbase >> PAGE_SHIFT;
> > +    nr = DIV_ROUND_UP(csize, PAGE_SIZE);
> > +    rc = iomem_deny_access(d, gfn, gfn + nr);
> > +    if ( rc )
> > +        return rc;
> > +
> > +    gfn = vbase >> PAGE_SHIFT;
> > +    return iomem_deny_access(d, gfn, gfn + nr);
> > +}
> > +
> >   static int __init
> >   gic_acpi_parse_madt_cpu(struct acpi_subtable_header *header,
> >                           const unsigned long end)
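Review bot: Each call in gicv2_iomem_deny_access passes `gfn + 1` or `gfn + nr` as the end of the range, which covers one frame more than the region if iomem_deny_access() takes an inclusive end frame, as Xen's rangeset-backed iomem helpers do. Over-denying fails safe for the GIC itself, but it would also strip the domain's access to whatever device sits in the following page. In that case the single-page calls would read `iomem_deny_access(d, gfn, gfn);` and the sized ones `iomem_deny_access(d, gfn, gfn + nr - 1);`. gicv3_iomem_deny_access uses the same pattern. The frames are derived from the host physical bases (`dbase`, `hbase`, `cbase`, `vbase`), so `mfn` would be a more accurate name than `gfn`.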
> > @@ -809,6 +835,10 @@ static u32 gicv2_make_hwdom_madt(const struct domain
> > *d, u32 offset)
> >   {
> >       return 0;
> >   }
> > +static int gicv2_iomem_deny_access(const struct domain *d)
> > +{
> > +    return 0;
> > +}
> 
> I don't see any benefit in having iomem_deny_access implemented only when
> CONFIG_ACPI is built.
> 
> Because in this case, you will also deny the iomem when Xen is booting using
> device tree.

That's true, it would be better to do that for device tree too.


> >   #endif
> > 
> >   static int __init gicv2_init(void)
> > @@ -902,6 +932,7 @@ const static struct gic_hw_operations gicv2_ops = {
> >       .read_apr            = gicv2_read_apr,
> >       .make_hwdom_dt_node  = gicv2_make_hwdom_dt_node,
> >       .make_hwdom_madt     = gicv2_make_hwdom_madt,
> > +    .iomem_deny_access   = gicv2_iomem_deny_access,
> >   };
> > 
> >   /* Set up the GIC */
> > diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
> > index d9fce4b..7f9634d 100644
> > --- a/xen/arch/arm/gic-v3.c
> > +++ b/xen/arch/arm/gic-v3.c
> > @@ -27,6 +27,7 @@
> >   #include <xen/cpu.h>
> >   #include <xen/mm.h>
> >   #include <xen/irq.h>
> > +#include <xen/iocap.h>
> >   #include <xen/sched.h>
> >   #include <xen/errno.h>
> >   #include <xen/delay.h>
> > @@ -1278,6 +1279,45 @@ static u32 gicv3_make_hwdom_madt(const struct domain
> > *d, u32 offset)
> >       return table_len;
> >   }
> > 
> > +static int gicv3_iomem_deny_access(const struct domain *d)
> > +{
> > +    int rc, i;
> > +    unsigned long gfn, nr;
> > +
> > +    gfn = dbase >> PAGE_SHIFT;
> > +    nr = DIV_ROUND_UP(SZ_64K, PAGE_SIZE);
> > +    rc = iomem_deny_access(d, gfn, gfn + nr);
> > +    if ( rc )
> > +        return rc;
> > +
> > +    for ( i = 0; i < gicv3.rdist_count; i++ )
> > +    {
> > +        gfn = gicv3.rdist_regions[i].base >> PAGE_SHIFT;
> > +        nr = DIV_ROUND_UP(gicv3.rdist_regions[i].size, PAGE_SIZE);
> > +        rc = iomem_deny_access(d, gfn, gfn + nr);
> > +        if ( rc )
> > +            return rc;
> > +    }
> > +
> > +    if ( cbase != INVALID_PADDR )
> > +    {
> > +        gfn = cbase >> PAGE_SHIFT;
> > +        nr = DIV_ROUND_UP(csize, PAGE_SIZE);
> > +        rc = iomem_deny_access(d, gfn, gfn + nr);
> > +        if ( rc )
> > +            return rc;
> > +    }
> > +
> > +    if ( vbase != INVALID_PADDR )
> > +    {
> > +        gfn = vbase >> PAGE_SHIFT;
> > +        nr = DIV_ROUND_UP(csize, PAGE_SIZE);
> > +        return iomem_deny_access(d, gfn, gfn + nr);
> > +    }
> > +
> > +    return 0;
> > +}
> > +
> >   static int __init
> >   gic_acpi_parse_madt_cpu(struct acpi_subtable_header *header,
> >                           const unsigned long end)
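Review bot: The vbase range under `if ( vbase != INVALID_PADDR )` is sized with `csize` (`nr = DIV_ROUND_UP(csize, PAGE_SIZE);`), so a virtual CPU interface region larger than the CPU interface would leave its tail accessible to the domain. If the driver records a separate size for the virtual interface, that size belongs here; otherwise a comment such as `/* GICV is assumed to be the same size as GICC */` would make the assumption explicit. gicv2_iomem_deny_access reuses `nr` for vbase in the same way. Separately, `i` is declared `int` but compared against `gicv3.rdist_count`, whose type is not visible in this hunk; if it is unsigned, `unsigned int i` avoids a mixed-sign comparison.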
> > @@ -1426,6 +1466,10 @@ static u32 gicv3_make_hwdom_madt(const struct domain
> > *d, u32 offset)
> >   {
> >       return 0;
> >   }
> > +static int gicv3_iomem_deny_access(const struct domain *d)
> > +{
> > +    return 0;
> > +}
> 
> Ditto
> 
> >   #endif
> > 
> >   /* Set up the GIC */
> > @@ -1521,6 +1565,7 @@ static const struct gic_hw_operations gicv3_ops = {
> >       .secondary_init      = gicv3_secondary_cpu_init,
> >       .make_hwdom_dt_node  = gicv3_make_hwdom_dt_node,
> >       .make_hwdom_madt     = gicv3_make_hwdom_madt,
> > +    .iomem_deny_access   = gicv3_iomem_deny_access,
> >   };
> > 
> >   static int __init gicv3_dt_preinit(struct dt_device_node *node, const void
> > *data)
> > diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
> > index 6d32432..65022ee 100644
> > --- a/xen/arch/arm/gic.c
> > +++ b/xen/arch/arm/gic.c
> > @@ -744,6 +744,11 @@ u32 gic_make_hwdom_madt(const struct domain *d, u32
> > offset)
> >       return gic_hw_ops->make_hwdom_madt(d, offset);
> >   }
> > 
> > +int gic_iomem_deny_access(const struct domain *d)
> > +{
> > +    return gic_hw_ops->iomem_deny_access(d);
> > +}
> > +
> >   /*
> >    * Local variables:
> >    * mode: C
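Review bot: gic_iomem_deny_access has no comment telling callers what a non-zero return means, which matters for a deny operation: if the caller ignores the result, the domain silently keeps access to the GIC regions. I would add a comment above the function along the lines of `/* Remove the GIC MMIO regions from d's iomem capabilities; a non-zero return must abort domain construction. */`, and expand the one-line comment on the `iomem_deny_access` member in gic.h to say the same. The call through `gic_hw_ops->iomem_deny_access` is unconditional, so any gic_hw_operations instance other than the two updated in this patch would also need the member set.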
> > diff --git a/xen/include/asm-arm/gic.h b/xen/include/asm-arm/gic.h
> > index 4cf003d..932fc02 100644
> > --- a/xen/include/asm-arm/gic.h
> > +++ b/xen/include/asm-arm/gic.h
> > @@ -360,6 +360,8 @@ struct gic_hw_operations {
> >                                 const struct dt_device_node *gic, void
> > *fdt);
> >       /* Create MADT table for the hardware domain */
> >       u32 (*make_hwdom_madt)(const struct domain *d, u32 offset);
> > +    /* Deny access to GIC regions */
> > +    int (*iomem_deny_access)(const struct domain *d);
> >   };
> > 
> >   void register_gic_ops(const struct gic_hw_operations *ops);
> > @@ -367,6 +369,7 @@ int gic_make_hwdom_dt_node(const struct domain *d,
> >                              const struct dt_device_node *gic,
> >                              void *fdt);
> >   u32 gic_make_hwdom_madt(const struct domain *d, u32 offset);
> > +int gic_iomem_deny_access(const struct domain *d);
> > 
> >   #endif /* __ASSEMBLY__ */
> >   #endif
> > 
> 
> Regards,
> 
> -- 
> Julien Grall
> 
